CVE-2017-18016

MEDIUM

Parity Browser <= 1.6.10 - Origin Validation Error via Web Proxy Engine

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-18016. PoCs published by tintinweb.

AI-analyzed exploit summary: This exploit demonstrates a Same Origin Policy (SOP) bypass in Parity Browser <=1.6.8 by reusing a proxy token to access other websites via the Parity web proxy engine, allowing script/DOM/XHR access to proxied content.

Description

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).

Exploits (1)

exploitdb WORKING POC
by tintinweb · text · local · multiple
https://www.exploit-db.com/exploits/43499

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Parity Browser <=1.6.8
No auth needed
Prerequisites: Victim must navigate to a malicious website using Parity Browser's built-in web browser
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2018/01/10/1
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43499/

Scores

CVSS v3 5.3
EPSS 0.0558
EPSS Percentile 91.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-346
Status published
Products (1)
parity/browser 1.6.10
Published Jan 11, 2018
Tracked Since Feb 18, 2026